Home > Hijack Log > Hijack Log After Virus

Hijack Log After Virus

Sounds like a useful program. Under Main select the following: Windows Temp Current User Temp All Users Temp Cookies Temporary Internet Files Prefetch Java Cache *The other boxes are optional* Then click the Empty Selected button. Back to top #8 Ben Jacinov Ben Jacinov Topic Starter Members 11 posts OFFLINE Local time:04:44 PM Posted 03 September 2010 - 11:06 PM I forgot to ask, should I Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. his comment is here

Please re-enable javascript to access full functionality. I then ran vundofix and it found about 6 files and deleted them. Site Changelog Community Forum Software by IP.Board Sign In Use Facebook Use Twitter Need an account? Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! http://www.bleepingcomputer.com/forums/t/343208/hijack-log-after-virus-cleaning-elkernc-and-loggers/

Both times there was a message telling me the computer had recovered from a serious error. Here's that HJT log that you asked for: Logfile of HijackThis v1.99.1 Scan saved at 4:28:10 PM, on 11/16/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running It will open a black window, please do not fix anything (if it gives you an option).3.

Bleeping Computer is being sued by EnigmaSoft. cybertech, Jan 12, 2004 #2 AlanUk Thread Starter Joined: May 26, 2002 Messages: 42 Logfile of HijackThis v1.97.7 Scan saved at 19:33:36, on 12/01/04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Startup: RealDownload Plus.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE O4 Cluster headaches forced retirement of Tom in 2007, and the site was renamed "What the Tech".

Click here to Register a free account now! Error code: 2S136/C Contact Us Existing user? Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged

One safe mode scan I noticed it was scan an area called 'shells' or 'shell'. Click the Scan for Vundo button. Save it to your desktop.Double click on the icon on your desktop.Check Click the button.Accept any security warnings from your browser.Leave the top box checked and then check Push the Start Some Questions: This one O4 - HKCU\..\Run: [SDS Doorbell] C:\PROGRAM FILES\ONLINECALL\ONLINECALL.EXE is advertising ware and will produce popups - you knew that?

Then browse to and delete this file: C:\WINDOWS\system32\owinlndt.exe Check that it stays gone after a restart. original site Install Spybot - Search and Destroy - Spybot: Search And Destroy with its TeaTimer option. WE'RE SURE THAT YOU'LL LOVE US! to your desktop and run it.

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. this content Username Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy Login Signup Help Sign In Use Facebook Use Twitter Need an account? And unfortunately the "save report" button was disabled so I do not have a log for that.

Be sure to adhere to our posting rules. Coyote's Installed programs for prevention: http://forums.tomcoy...showtopic=31418 The help you receive here is free. Click here to fight backIf I have helped you fix your PC then please donate. weblink O3 - Toolbar: (no name) - {F5F931E0-AF07-11D7-88DF-0002E31F7E9A} - (no file) O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE O4 - Startup: RealDownload Plus.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE O4 - Startup: PalNetaware.lnk = C:\Paltalk\puninstall.exe O16 -

Thanks for all the help! I will post back shortly with a suggested fix. Click the System Restore tab.

Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the

Include the contents of this report in your next reply.Push the button.Push NOTE: If no malware is found then no log will be produced. Also, after clicking on a tab in IE 8, it tends to take bit before the new tab appears. Hijack Log after virus cleaning ElKern.C and Loggers Started by Ben Jacinov , Aug 27 2010 03:13 AM Prev Page 2 of 2 1 2 This topic is locked 17 replies Advertisements do not imply our endorsement of that product or service.

A valid, working link to the closed topic is required along with the user name used. Anybody can ask, anybody can answer. Malware Response Instructor 34,448 posts OFFLINE Gender:Male Location:London, UK Local time:09:44 PM Posted 04 September 2010 - 04:47 AM Before you enable the CD emulations driver please run ESETHold down http://splodgy.org/hijack-log/hijack-log-redirect-jump-virus.php If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.Everyone else please begin a New Topic.

With the help of this automatic analyzer you are able to get some additional support. Run the scan, enable your A/V and reconnect to the internet. Due to a few misunderstandings, I just want to make it clear that this site provides only an online analysis, and not HijackThis the program. It is.

Click here to fight backIf I have helped you fix your PC then please donate. Discussion in 'Virus & Other Malware Removal' started by AlanUk, Jan 12, 2004. Bleeping Computer is being sued by EnigmaSoft. But I did run another hijack after the AVG scan (just in case); the log appears below.

Done! Messenger (HKLM) O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Several functions may not work. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).2.

Malware Response Instructor 34,448 posts OFFLINE Gender:Male Location:London, UK Local time:09:44 PM Posted 04 September 2010 - 05:04 PM Looks like you're clean, Ben. But what about fonts? Back to top #6 IndiGenus IndiGenus Teacher Emeritus Authentic Member 5,251 posts Interests:Computer Security, Music, Sports Posted 16 November 2006 - 05:20 AM Hello beneficialz380, Things are looking better but we